@Dominic %lBglUeQhHbKRGigcXXZmeQOTXisoSAI9J3X6vnxsDhA=.sha256
Re: %BOMhRjBpW

Oh, sorry, let me clarify one thing I said wrong.

There are two types of asymmetric cryptography (not actually the whole story, but it will do for now): signing and exchange.

You create a signature with a signing (private) key, and it's verified with a corresponding public key.

Then there are also exchange keys, also called Diffie-Hellman keys. There isn't really a widely used name for this type of key, mainly I think because it doesn't have a simple real-world metaphor like "signing" does. Anyway, exchange keys take your public key and my secret key, then combine them together to produce a shared exchange key.

In nacl this operation is called scalarmult. That is an implementation detail really; in classic Diffie-Hellman a different mathematical operation is used, but it has the same behavior. That is, we can each take the other's public key, and our own secret key, and produce a key that essentially represents a relationship between us.

In nacl both types of keys are used: signing keys are ed25519 keys, and exchange keys are curve25519 keys. sign uses ed25519 keys, and scalarmult takes curve25519.
box takes two exchange keys, and then uses scalarmult internally. There is also another function, secretbox, that just takes a symmetric key, say the output of scalarmult.

To encrypt a private key, you probably don't encrypt it to anyone, so secretbox is the one to use. Also, you'll need to generate the key the first time, and then later, you'll need to restore it. To do that, you need a seed. That is just a random number, but make sure it's really random. Instead of encrypting the private key, encrypt the seed, then regenerate the keypair from that seed.
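
The seed approach from the last paragraph of the post above, as an added example that is not part of the original post and is not nacl code. It uses Node's built-in crypto, with ChaCha20-Poly1305 swapped in for secretbox (which Node lacks) and, as an assumption, a symmetric key derived from a passphrase with scrypt; all function names are hypothetical.

```javascript
// Added example: Node's built-in crypto stands in for nacl here.
const nodeCrypto = require('node:crypto');

// PKCS#8 DER header for a raw 32-byte Ed25519 private key (RFC 8410).
// Node has no "keypair from seed" call, so the seed is wrapped in this header.
const ED25519_PKCS8_PREFIX = Buffer.from('302e020100300506032b657004220420', 'hex');

// Regenerate the signing keypair deterministically from the 32-byte seed.
function keypairFromSeed(seed) {
  if (seed.length !== 32) throw new Error('seed must be 32 bytes');
  const privateKey = nodeCrypto.createPrivateKey({
    key: Buffer.concat([ED25519_PKCS8_PREFIX, seed]), format: 'der', type: 'pkcs8',
  });
  return { privateKey, publicKey: nodeCrypto.createPublicKey(privateKey) };
}

// Encrypt the seed under a symmetric key (the role secretbox plays in the post).
// Assumption: the key comes from a passphrase via scrypt with a random salt.
function sealSeed(seed, passphrase) {
  const salt = nodeCrypto.randomBytes(16);
  const nonce = nodeCrypto.randomBytes(12); // fresh nonce for every encryption
  const key = nodeCrypto.scryptSync(passphrase, salt, 32);
  const cipher = nodeCrypto.createCipheriv('chacha20-poly1305', key, nonce, { authTagLength: 16 });
  const ciphertext = Buffer.concat([cipher.update(seed), cipher.final()]);
  return { salt, nonce, ciphertext, tag: cipher.getAuthTag() };
}

// Decrypt the seed; throws if the passphrase is wrong or the blob was modified.
function openSeed(sealed, passphrase) {
  const key = nodeCrypto.scryptSync(passphrase, sealed.salt, 32);
  const decipher = nodeCrypto.createDecipheriv('chacha20-poly1305', key, sealed.nonce, { authTagLength: 16 });
  decipher.setAuthTag(sealed.tag);
  return Buffer.concat([decipher.update(sealed.ciphertext), decipher.final()]);
}

// Raw 32-byte public key as hex (the last 32 bytes of the SPKI encoding).
function rawPublicKey(keypair) {
  return keypair.publicKey.export({ format: 'der', type: 'spki' }).subarray(-32).toString('hex');
}
```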
